Digest of Overview of Linux Kernel Security Features

Linux kernel Security:

I. DAC: Discretionary Access Control, the core security model of UNIX.

II. POSIX ACL: Extended DAC

III. Namespaces

     Derived from Plan 9.

     Process has its own view of resources, for example filesystem.

IV. Network Security: Netfilters

     1. iptables: network layer

     2. ebtables: link layer and linux bridge

     3. arptables: for arp protocol

     4. IPsec: network layer

V. Cryptography

    1. Cryptographic API, such as IPsec

    2. Disk encryption, such as ecryptfs and dm-crypt

    3. kernel module signature

VI. LSM: Linux Security Modules

    1. MAC: Mandatory Access Control

        i. SELinux: Security Enhanced Linux

        ii. Smack: Simplified MAC Kernel?

        iii. AppArmor: Used by Ubuntu and OpenSUSE

        iv. TOMOYO: path-based security

        v. Yama

VII. Audit

VIII. Seccomp: Secure computing

IX. Integrity management

X. Hardening and Platform Security

    for example: ASLR--Address Space Layout Randomization

 

 This is a guest post from James Morris, the Linux kernel security subsystem maintainer and manager of the mainline Linux kernel development team at Oracle.

URL: https://www.linux.com/learn/overview-linux-kernel-security-features